1 #!/usr/bin/python
2 #
3 # Copyright (C) 2014  Ipsilon project Contributors, for license see COPYING
4
5 from __future__ import absolute_import
6
7 from ipsilon.providers.common import ProviderBase
8 from ipsilon.providers.openid.store import OpenIDStore
9 from ipsilon.providers.openid.auth import OpenID
10 from ipsilon.providers.openid.extensions.common import LoadExtensions
11 from ipsilon.util.plugin import PluginObject
12 from ipsilon.util import config as pconfig
13 from ipsilon.info.common import InfoMapping
14
15 from openid.server.server import Server
16
17
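class IdpProvider(ProviderBase):
    """OpenID 2.0 identity-provider plugin.

    Declares the ``openid`` provider configuration (temporary-storage
    database, endpoint and identity URL templates, relying-party trust
    lists, enabled extensions) and, once enabled, builds the python-openid
    ``Server`` and advertises the endpoint in the root page's headers.
    """

    def __init__(self, *pargs):
        """Register the provider and declare its configuration options.

        ``pargs`` is forwarded unchanged to ``ProviderBase.__init__``.
        """
        super(IdpProvider, self).__init__('openid', 'openid', *pargs)
        self.mapping = InfoMapping()
        self.page = None
        self.server = None
        self.basepath = None
        self.extensions = LoadExtensions()
        self.description = """
Provides OpenID 2.0 authentication infrastructure. """

        # Option names declared here are the keys used by get_config_value()
        # below and by Installer.configure() when it seeds the database.
        self.new_config(
            self.name,
            pconfig.String(
                'database url',
                'Database URL for OpenID temp storage',
                'openid.sqlite'),
            pconfig.String(
                'default email domain',
                'Used for users missing the email property.',
                'example.com'),
            # Plain-http default is a development placeholder; the installer
            # derives the real value (https unless --secure no) from the host.
            pconfig.String(
                'endpoint url',
                'The Absolute URL of the OpenID provider',
                'http://localhost:8080/idp/openid/'),
            pconfig.Template(
                'identity url template',
                'The templated URL where identities are exposed.',
                'http://localhost:8080/idp/openid/id/%(username)s'),
            pconfig.List(
                'trusted roots',
                'List of trusted relying parties.'),
            pconfig.List(
                'untrusted roots',
                'List of untrusted relying parties.'),
            pconfig.Choice(
                'enabled extensions',
                'Choose the extensions to enable',
                self.extensions.available().keys()),
        )

    @property
    def endpoint_url(self):
        """Configured provider endpoint, normalised to end with ``/``."""
        url = self.get_config_value('endpoint url')
        return url if url.endswith('/') else url + '/'

    @property
    def default_email_domain(self):
        """Domain appended for users lacking an email attribute."""
        return self.get_config_value('default email domain')

    @property
    def identity_url_template(self):
        """Identity URL template, normalised to end with ``/``.

        NOTE(review): the slash is appended even after the ``%(username)s``
        placeholder in the default template, yielding ``.../<user>/``;
        confirm this matches the identity URLs served by the OpenID page.
        """
        url = self.get_config_value('identity url template')
        return url if url.endswith('/') else url + '/'

    @property
    def trusted_roots(self):
        """Relying-party roots that are trusted (admin-configured list)."""
        return self.get_config_value('trusted roots')

    @property
    def untrusted_roots(self):
        """Relying-party roots that are explicitly untrusted (admin-configured list)."""
        return self.get_config_value('untrusted roots')

    @property
    def enabled_extensions(self):
        """Names of the OpenID extensions selected in the configuration."""
        return self.get_config_value('enabled extensions')

    def get_tree(self, site):
        """Initialise the provider and return its page object for ``site``."""
        self.init_idp()
        self.page = OpenID(site, self)
        # self.admin = AdminPage(site, self)

        return self.page

    def init_idp(self):
        """Build the OpenID ``Server`` and advertise the endpoint on the root page.

        Sets the ``X-XRDS-Location`` response header and the
        ``openid2.provider`` / ``openid.server`` link elements used by
        relying parties for discovery.
        """
        self.server = Server(
            OpenIDStore(self.get_config_value('database url')),
            op_endpoint=self.endpoint_url)

        # Expose OpenID presence in the root
        headers = self._root.default_headers
        headers['X-XRDS-Location'] = self.endpoint_url + 'XRDS'

        html_heads = self._root.html_heads
        # The URL interpolated here is administrator configuration, not
        # request data, so no HTML escaping is applied; keep it that way if
        # the source of the value ever changes.
        head_link = '<link rel="%s" href="%s">'
        html_heads['openid'] = [
            head_link % ('openid2.provider', self.endpoint_url),
            head_link % ('openid.server', self.endpoint_url),
        ]

    def on_enable(self):
        """Enable the provider: initialise the server and activate extensions."""
        super(IdpProvider, self).on_enable()
        self.init_idp()
        # NOTE(review): reads the raw option object rather than
        # get_config_value(); presumably equivalent to self.enabled_extensions.
        self.extensions.enable(self._config['enabled extensions'].get_value())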
120
121
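class Installer(object):
    """Install-time hook that seeds and enables the OpenID provider plugin."""

    def __init__(self, *pargs):
        """Record the plugin identity; ``pargs`` is passed on to ``PluginObject``."""
        self.name = 'openid'
        self.ptype = 'provider'
        self.pargs = pargs

    def install_args(self, group):
        """Add the ``--openid`` yes/no switch (default ``yes``) to ``group``."""
        group.add_argument('--openid', choices=['yes', 'no'], default='yes',
                           help='Configure OpenID Provider')

    def configure(self, opts):
        """Store the provider configuration and mark the plugin enabled.

        Does nothing unless ``opts['openid']`` is ``'yes'``. The endpoint URL
        is built from ``opts['secure']``, ``opts['hostname']`` and
        ``opts['instance']``; the identity URL template is derived from it.
        """
        if opts['openid'] != 'yes':
            return

        # Plain http only when the installer was explicitly told so.
        proto = 'http' if opts['secure'].lower() == 'no' else 'https'
        url = '%s://%s/%s/openid/' % (
            proto, opts['hostname'], opts['instance'])

        # Add configuration data to database
        po = PluginObject(*self.pargs)
        po.name = 'openid'
        po.wipe_data()
        po.wipe_config_values()
        # Keys must match the option names declared by IdpProvider.new_config()
        # ('identity url template' with spaces); the previous
        # 'identity_url_template' key never reached the provider's option.
        config = {'endpoint url': url,
                  'identity url template': '%sid/%%(username)s' % url}
        po.save_plugin_config(config)

        # Update global config to add login plugin
        po.is_enabled = True
        po.save_enabled_state()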